incubator-ooo-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Girvin R. Herr" <>
Subject Re: CVE-2012-0037: data leakage vulnerability
Date Fri, 23 Mar 2012 19:20:03 GMT

Dan Lewis wrote:
> On Thu, 2012-03-22 at 15:17 -0700, Terry wrote:
>> This quote from the page mentioned by Rob:
>> <quote>Linux and other platforms should consult their distro or OS vendor for
patch instructions.</quote>
>> My distro doesn't support OpenOffice; most, I gather, don't.
>> ----- Original Message -----
>>> From: NoOp <>
>>> To:
>>> Cc: 
>>> Sent: Friday, 23 March 2012 5:13 AM
>>> Subject: Re: CVE-2012-0037: data leakage vulnerability
>>> Hash: SHA1
>>> On 03/22/2012 06:16 AM, Rob Weir wrote:
>>>>  Please note, this is the official security bulletin, targeted for 
>>>>  security professionals.  If you are an 3.3 user, and
>>>>  are able to apply the mentioned patch, then you are encouraged to
>>>>  do so.  If someone else supports or manages your desktop, then 
>>>>  please forward this information to them.
>>> ...
>>> Where are the linux patches? I could only find Window and Mac:
>>> <>
>      There is still a group of people using linux who have been ignored:
> the people who have downloaded their copy of OOo from the OOo website. I
> fall into this category.
>      Seems to me that if you are going to issue patches for Windows and
> OSX for which you provide downloads from your website, you should
> provide a patch for the rest of the versions available as binaries for
> downloading from it.
>      As far as compiling the patch, how many of the group I mentioned
> know how to compile the patches for their version? I don't, and likely
> many others don't either. In fact, I have never been able to compile any
> program following directions. I always have gotten one or more errors
> and not known what had caused the mistake nor how to fix it. That is why
> I download and install binaries.
>      Fortunately for me, I have already downloaded from the BuildBot on
> 3/10/12 so I've gotten the patch applied.
> --Dan
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:
First, I must divulge that I am a retired software/hardware engineer, so I do have experience
in compiling programs under Linux.  Some time ago, I did compile OO.o 2.x for my Slackware
Linux workstation, which does not come with OO.o support.  Although I didn't have any errors.
it took about 3 hours to do so on my 1.2GHz 1GB Athlon system, so I have since been repackaging
the downloaded OO.o binary packages into Slackware packages for installation. 

So, I too am in the class of Linux users who download the binary OO.o and are left out in
the cold with this new scary Apache policy.  It deeply concerns me that there is any "discussion"
at all regarding Linux support.  Although it may not be intended, it appears to me that Apache
is cutting off the *nix limb of the OO.o tree.  That does not bode well for us Linux users
who have grown dependent on OO.o for maintaining our documents and, more importantly and more
critical to me, our database forms and reports.  It makes me want to look for another Open
Document office suite.  Instead of being loyal to OO.o (aka AOO now) maybe I should take another
look at LO...

I will at least be watching this issue closely and how Apache reacts.

Girvin Herr

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message